[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering
Ingo Molnar
mingo at elte.hu
Thu May 12 06:49:16 EDT 2011
* Kees Cook <kees.cook at canonical.com> wrote:
> Hi,
>
> On Thu, May 12, 2011 at 09:48:50AM +0200, Ingo Molnar wrote:
> > 1) We already have a specific ABI for this: you can set filters for events via
> > an event fd.
> >
> > Why not extend that mechanism instead and improve *both* your sandboxing
> > bits and the events code? This new seccomp code has a lot more
> > to do with trace event filters than the minimal old seccomp code ...
>
> Would this require privileges to get the event fd to start with? [...]
No special privileges with the default perf_events_paranoid value.
> [...] If so, I would prefer to avoid that, since using prctl() as shown in
> the patch set won't require any privs.
and we could also explicitly allow syscall events without any privileges,
regardless of the setting of 'perf_events_paranoid' config value.
Obviously a sandboxing host process wants to run with as low privileges as it
can.
Thanks,
Ingo
More information about the linux-arm-kernel
mailing list